package com.tarena.csmall.filters.security;

import com.tarena.csmall.filters.filter.MyFilter01;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.web.header.HeaderWriterFilter;

@Configuration
@EnableWebSecurity(debug = true)
public class MySecurityConfiguration extends WebSecurityConfigurerAdapter {
    @Autowired
    private MyFilter01 myFilter01;
    //不修改任何security 认证逻辑 授权逻辑
    //自定义的security 过滤器链
    @Override protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().anyRequest().authenticated();
        http.addFilterBefore(myFilter01, HeaderWriterFilter.class);
        //securit提供的一个可以实现认证的 过滤器 可以看到认证登录的页面
        http.formLogin().disable();
        //另外一种认证逻辑
        http.httpBasic().disable();
        //关闭 csrf过滤器
        http.csrf().disable();
        //关闭session
        http.sessionManagement().disable();
        //关闭logout
        http.logout().disable();
    }
}
